cudgel / splunk-architect

Repository for notes and study material for the Splunk Architect exam.

splunk-architect

Repository for all my notes and study material for the Splunk Architect exam.

Goals

I plan to include markdown files with notes, sample .conf files, or anything useful I've picked up on this journey. This repository will be built around the Splunk Enterprise Certified Architect blueprint, which can be downloaded from the following link:

NOTE: This is not intended to replace the need to take the official Splunk training courses, as they are required to sit for the Splunk Enterprise Certified Architect exam.

Blueprint

  1. Introduction
    • Describe a deployment plan
    • Define the deployment process
  2. Project Requirements
    • Identify critical information about environment, volume, users, and requirements
    • Apply checklists and resources to aid in collecting requirements
  3. Infrastructure Planning: Index Design
    • Understand design and size indexes
    • Estimate non-smart store related storage requirements
    • Identify relevant apps
  4. Infrastructure Planning: Resource Planning
    • List sizing considerations
    • Identify disk storage requirements
    • Define hardware requirements for various Splunk components
    • Describe ES considerations for sizing and topology
    • Describe ITSI considerations for sizing and topology
    • Describe security, privacy, and integrity measures
  5. Clustering Overview
    • Identify non-smart store related storage and disk usage requirements
    • Identify search head clustering requirements
  6. Forwarder and Deployment Best Practices
    • Identify best practices for forwarder tier design
    • Understand configuration management for all Splunk components, using Splunk deployment tools
  7. Performance Monitoring and Tuning
    • Use limits.conf to improve performance
    • Use indexes.conf to manage bucket size
    • Tune props.conf
    • Improve search performance
  8. Splunk Troubleshooting Methods and Tools
    • Splunk diagnostic resources and tools
  9. Clarifying the Problem
    • Identify Splunk’s internal log files
    • Identify Splunk’s internal indexes
  10. Licensing and Crash Problems
    • License issues
    • Crash issues
  11. Configuration Problems
    • Input issues
  12. Search Problems
    • Search issues
    • Job inspector
  13. Deployment Problems
    • Forwarding issues
    • Deployment server issues
  14. Large-scale Splunk Deployment Overview
    • Identify Splunk server roles in clusters
    • License Master configuration in a clustered environment
  15. Single-site Indexer Cluster
    • Splunk single-site indexer cluster configuration
  16. Multisite Indexer Cluster
    • Splunk multisite indexer cluster overview
    • Multisite indexer cluster configuration
    • Cluster migration and upgrade considerations
  17. Indexer Cluster Management and Administration
    • Indexer cluster storage utilization options
    • Peer offline and decommission
    • Master app bundles
    • Monitoring Console for indexer cluster environment
  18. Search Head Cluster
    • Splunk search head cluster overview
    • Search head cluster configuration
  19. Search Head Cluster Management and Administration
    • Search head cluster deployer
    • Captaincy transfer
    • Search head member addition and decommissioning
  20. KV Store Collection and Lookup Management
    • KV Store collection in Splunk clusters
